Fix passing message to exceptions via raise (#11919)

department-of-veterans-affairs · Feb 28, 2023 · 27bac85 · 27bac85
1 parent 33449b3
commit 27bac85
Show file tree

Hide file tree

Showing 15 changed files with 51 additions and 50 deletions.
diff --git a/app/controllers/v0/mhv_opt_in_flags_controller.rb b/app/controllers/v0/mhv_opt_in_flags_controller.rb
@@ -4,7 +4,7 @@ module V0
   class MHVOptInFlagsController < ApplicationController
     def show
       opt_in_flag = MHVOptInFlag.find_by(user_account_id: current_user.user_account, feature: params[:feature])
-      raise Common::Exceptions::RecordNotFound, message: 'Record not found' if opt_in_flag.nil?
+      raise Common::Exceptions::RecordNotFound.new message: 'Record not found' if opt_in_flag.nil?
 
       render json: { mhv_opt_in_flag: { user_account_id: opt_in_flag.user_account_id, feature: opt_in_flag.feature } }
     rescue => e
@@ -14,8 +14,7 @@ def show
     def create
       feature = params[:feature]
       unless MHVOptInFlag::FEATURES.include?(feature)
-        raise MHVOptInFlagFeatureNotValid,
-              message: 'Feature param is not valid'
+        raise MHVOptInFlagFeatureNotValid.new message: 'Feature param is not valid'
       end
 
       status = :ok

diff --git a/app/controllers/v0/sign_in_controller.rb b/app/controllers/v0/sign_in_controller.rb
@@ -55,7 +55,7 @@ def callback # rubocop:disable Metrics/MethodLength
       handle_credential_provider_error(error, state_payload&.type) if error
       service_token_response = auth_service(state_payload.type).token(code)
 
-      raise SignIn::Errors::CodeInvalidError, message: 'Code is not valid' unless service_token_response
+      raise SignIn::Errors::CodeInvalidError.new message: 'Code is not valid' unless service_token_response
 
       user_info = auth_service(state_payload.type).user_info(service_token_response[:access_token])
       credential_level = SignIn::CredentialLevelCreator.new(requested_acr: state_payload.acr,
@@ -108,7 +108,7 @@ def refresh
       refresh_token = refresh_token_param.presence
       anti_csrf_token = anti_csrf_token_param.presence
 
-      raise SignIn::Errors::MalformedParamsError, message: 'Refresh token is not defined' unless refresh_token
+      raise SignIn::Errors::MalformedParamsError.new message: 'Refresh token is not defined' unless refresh_token
 
       decrypted_refresh_token = SignIn::RefreshTokenDecryptor.new(encrypted_refresh_token: refresh_token).perform
       session_container = SignIn::SessionRefresher.new(refresh_token: decrypted_refresh_token,
@@ -134,7 +134,7 @@ def revoke
       refresh_token = params[:refresh_token].presence
       anti_csrf_token = params[:anti_csrf_token].presence
 
-      raise SignIn::Errors::MalformedParamsError, message: 'Refresh token is not defined' unless refresh_token
+      raise SignIn::Errors::MalformedParamsError.new message: 'Refresh token is not defined' unless refresh_token
 
       decrypted_refresh_token = SignIn::RefreshTokenDecryptor.new(encrypted_refresh_token: refresh_token).perform
       SignIn::SessionRevoker.new(refresh_token: decrypted_refresh_token, anti_csrf_token: anti_csrf_token).perform
@@ -172,7 +172,7 @@ def logout
       anti_csrf_token = anti_csrf_token_param.presence
 
       unless load_user(skip_expiration_check: true)
-        raise SignIn::Errors::LogoutAuthorizationError, message: 'Unable to Authorize User'
+        raise SignIn::Errors::LogoutAuthorizationError.new message: 'Unable to Authorize User'
       end
 
       SignIn::SessionRevoker.new(access_token: @access_token, anti_csrf_token: anti_csrf_token).perform
@@ -197,29 +197,29 @@ def introspect
 
     def validate_authorize_params(type, client_id, code_challenge, code_challenge_method, acr)
       unless SignIn::Constants::Auth::CLIENT_IDS.include?(client_id)
-        raise SignIn::Errors::MalformedParamsError, message: 'Client id is not valid'
+        raise SignIn::Errors::MalformedParamsError.new message: 'Client id is not valid'
       end
       unless SignIn::Constants::Auth::CSP_TYPES.include?(type)
-        raise SignIn::Errors::AuthorizeInvalidType, message: 'Type is not valid'
+        raise SignIn::Errors::AuthorizeInvalidType.new message: 'Type is not valid'
       end
       unless SignIn::Constants::Auth::ACR_VALUES.include?(acr)
-        raise SignIn::Errors::MalformedParamsError, message: 'ACR is not valid'
+        raise SignIn::Errors::MalformedParamsError.new message: 'ACR is not valid'
       end
-      raise SignIn::Errors::MalformedParamsError, message: 'Code Challenge is not defined' unless code_challenge
+      raise SignIn::Errors::MalformedParamsError.new message: 'Code Challenge is not defined' unless code_challenge
       unless code_challenge_method
-        raise SignIn::Errors::MalformedParamsError, message: 'Code Challenge Method is not defined'
+        raise SignIn::Errors::MalformedParamsError.new message: 'Code Challenge Method is not defined'
       end
     end
 
     def validate_callback_params(code, state, error)
-      raise SignIn::Errors::MalformedParamsError, message: 'Code is not defined' unless code || error
-      raise SignIn::Errors::MalformedParamsError, message: 'State is not defined' unless state
+      raise SignIn::Errors::MalformedParamsError.new message: 'Code is not defined' unless code || error
+      raise SignIn::Errors::MalformedParamsError.new message: 'State is not defined' unless state
     end
 
     def validate_token_params(code, code_verifier, grant_type)
-      raise SignIn::Errors::MalformedParamsError, message: 'Code is not defined' unless code
-      raise SignIn::Errors::MalformedParamsError, message: 'Code Verifier is not defined' unless code_verifier
-      raise SignIn::Errors::MalformedParamsError, message: 'Grant Type is not defined' unless grant_type
+      raise SignIn::Errors::MalformedParamsError.new message: 'Code is not defined' unless code
+      raise SignIn::Errors::MalformedParamsError.new message: 'Code Verifier is not defined' unless code_verifier
+      raise SignIn::Errors::MalformedParamsError.new message: 'Grant Type is not defined' unless grant_type
     end
 
     def logout_get_redirect_url
@@ -248,11 +248,11 @@ def handle_credential_provider_error(error, type)
                      else
                        SignIn::Constants::ErrorCode::IDME_VERIFICATION_DENIED
                      end
-        raise SignIn::Errors::AccessDeniedError, message: error_message, code: error_code
+        raise SignIn::Errors::AccessDeniedError.new message: error_message, code: error_code
       else
         error_message = 'Unknown Credential Provider Issue'
         error_code = SignIn::Constants::ErrorCode::GENERIC_EXTERNAL_ISSUE
-        raise SignIn::Errors::CredentialProviderError, message: error_message, code: error_code
+        raise SignIn::Errors::CredentialProviderError.new message: error_message, code: error_code
       end
     end
 

diff --git a/app/services/sign_in/access_token_jwt_decoder.rb b/app/services/sign_in/access_token_jwt_decoder.rb
@@ -39,11 +39,11 @@ def jwt_decode_access_token(with_validation)
       )&.first
       OpenStruct.new(decoded_jwt)
     rescue JWT::VerificationError
-      raise Errors::AccessTokenSignatureMismatchError, message: 'Access token body does not match signature'
+      raise Errors::AccessTokenSignatureMismatchError.new message: 'Access token body does not match signature'
     rescue JWT::ExpiredSignature
-      raise Errors::AccessTokenExpiredError, message: 'Access token has expired'
+      raise Errors::AccessTokenExpiredError.new message: 'Access token has expired'
     rescue JWT::DecodeError
-      raise Errors::AccessTokenMalformedJWTError, message: 'Access token JWT is malformed'
+      raise Errors::AccessTokenMalformedJWTError.new message: 'Access token JWT is malformed'
     end
 
     def private_key

diff --git a/app/services/sign_in/acr_translator.rb b/app/services/sign_in/acr_translator.rb
@@ -27,7 +27,7 @@ def translate_acr
       when Constants::Auth::MHV
         translate_mhv_values
       else
-        raise Errors::InvalidTypeError, message: 'Invalid Type value'
+        raise Errors::InvalidTypeError.new message: 'Invalid Type value'
       end
     end
 
@@ -40,7 +40,7 @@ def translate_idme_values
       when 'min'
         uplevel ? LOA::IDME_LOA3 : LOA::IDME_LOA1_VETS
       else
-        raise Errors::InvalidAcrError, message: 'Invalid ACR for idme'
+        raise Errors::InvalidAcrError.new message: 'Invalid ACR for idme'
       end
     end
 
@@ -49,7 +49,7 @@ def translate_dslogon_values
       when 'loa1', 'loa3', 'min'
         LOA::IDME_DSLOGON_LOA1
       else
-        raise Errors::InvalidAcrError, message: 'Invalid ACR for dslogon'
+        raise Errors::InvalidAcrError.new message: 'Invalid ACR for dslogon'
       end
     end
 
@@ -58,7 +58,7 @@ def translate_mhv_values
       when 'loa1', 'loa3', 'min'
         LOA::IDME_MHV_LOA1
       else
-        raise Errors::InvalidAcrError, message: 'Invalid ACR for mhv'
+        raise Errors::InvalidAcrError.new message: 'Invalid ACR for mhv'
       end
     end
 
@@ -71,7 +71,7 @@ def translate_logingov_values
       when 'min'
         uplevel ? IAL::LOGIN_GOV_IAL2 : IAL::LOGIN_GOV_IAL1
       else
-        raise Errors::InvalidAcrError, message: 'Invalid ACR for logingov'
+        raise Errors::InvalidAcrError.new message: 'Invalid ACR for logingov'
       end
     end
   end

diff --git a/app/services/sign_in/attribute_validator.rb b/app/services/sign_in/attribute_validator.rb
@@ -173,7 +173,7 @@ def handle_error(error_message, error_code, error: nil)
       sign_in_logger.info('attribute validator error', { errors: error_message,
                                                          credential_uuid: credential_uuid,
                                                          type: service_name })
-      raise error, message: error_message, code: error_code if error
+      raise error.new message: error_message, code: error_code if error
     end
 
     def mpi_response_profile

diff --git a/app/services/sign_in/code_validator.rb b/app/services/sign_in/code_validator.rb
@@ -20,11 +20,13 @@ def perform
     private
 
     def validations
-      raise Errors::CodeInvalidError, message: 'Code is not valid' unless code_container
+      raise Errors::CodeInvalidError.new message: 'Code is not valid' unless code_container
       if code_challenge != code_container.code_challenge
-        raise Errors::CodeChallengeMismatchError, message: 'Code Verifier is not valid'
+        raise Errors::CodeChallengeMismatchError.new message: 'Code Verifier is not valid'
+      end
+      if grant_type != Constants::Auth::GRANT_TYPE
+        raise Errors::GrantTypeValueError.new message: 'Grant Type is not valid'
       end
-      raise Errors::GrantTypeValueError, message: 'Grant Type is not valid' if grant_type != Constants::Auth::GRANT_TYPE
     end
 
     def user_verification
@@ -42,7 +44,7 @@ def code_container
     def remove_base64_padding(data)
       Base64.urlsafe_encode64(Base64.urlsafe_decode64(data.to_s), padding: false)
     rescue ArgumentError
-      raise Errors::CodeVerifierMalformedError, message: 'Code Verifier is malformed'
+      raise Errors::CodeVerifierMalformedError.new message: 'Code Verifier is malformed'
     end
 
     def validated_credential

diff --git a/app/services/sign_in/credential_level_creator.rb b/app/services/sign_in/credential_level_creator.rb
@@ -55,7 +55,7 @@ def create_credential_level
                           max_ial: max_ial,
                           auto_uplevel: auto_uplevel)
     rescue ActiveModel::ValidationError
-      raise Errors::InvalidCredentialLevelError, message: 'Unsupported credential authorization levels'
+      raise Errors::InvalidCredentialLevelError.new message: 'Unsupported credential authorization levels'
     end
 
     def max_ial

diff --git a/app/services/sign_in/refresh_token_decryptor.rb b/app/services/sign_in/refresh_token_decryptor.rb
@@ -27,10 +27,10 @@ def perform
 
     def validate_token!(decrypted_component)
       if decrypted_component.version != version_from_split_token
-        raise Errors::RefreshVersionMismatchError, message: 'Refresh token version is invalid'
+        raise Errors::RefreshVersionMismatchError.new message: 'Refresh token version is invalid'
       end
       if decrypted_component.nonce != nonce_from_split_token
-        raise Errors::RefreshNonceMismatchError, message: 'Refresh nonce is invalid'
+        raise Errors::RefreshNonceMismatchError.new message: 'Refresh nonce is invalid'
       end
     end
 
@@ -51,7 +51,7 @@ def decrypt_refresh_token(encrypted_part)
       message_encryptor.decrypt(encrypted_part)
     rescue KmsEncrypted::DecryptionError
       Rails.logger.info("[RefreshTokenDecryptor] Token cannot be decrypted, refresh_token: #{encrypted_refresh_token}")
-      raise Errors::RefreshTokenDecryptionError, message: 'Refresh token cannot be decrypted'
+      raise Errors::RefreshTokenDecryptionError.new message: 'Refresh token cannot be decrypted'
     end
 
     def deserialize_token(decrypted_string)

diff --git a/app/services/sign_in/refresh_token_encryptor.rb b/app/services/sign_in/refresh_token_encryptor.rb
@@ -20,7 +20,7 @@ def perform
 
     def validate_input
       unless refresh_token.version && refresh_token.nonce
-        raise Errors::RefreshTokenMalformedError, message: 'Refresh token is malformed'
+        raise Errors::RefreshTokenMalformedError.new message: 'Refresh token is malformed'
       end
     end
 

diff --git a/app/services/sign_in/session_refresher.rb b/app/services/sign_in/session_refresher.rb
@@ -21,19 +21,19 @@ def perform
 
     def anti_csrf_check
       if anti_csrf_token != refresh_token.anti_csrf_token
-        raise Errors::AntiCSRFMismatchError, message: 'Anti CSRF token is not valid'
+        raise Errors::AntiCSRFMismatchError.new message: 'Anti CSRF token is not valid'
       end
     end
 
     def find_valid_oauth_session
       @session ||= OAuthSession.find_by(handle: refresh_token.session_handle)
-      raise Errors::SessionNotAuthorizedError, message: 'No valid Session found' unless session&.active?
+      raise Errors::SessionNotAuthorizedError.new message: 'No valid Session found' unless session&.active?
     end
 
     def detect_token_theft
       unless refresh_token_in_session? || parent_refresh_token_in_session?
         session.destroy!
-        raise Errors::TokenTheftDetectedError, message: 'Token theft detected'
+        raise Errors::TokenTheftDetectedError.new message: 'Token theft detected'
       end
     end
 

diff --git a/app/services/sign_in/session_revoker.rb b/app/services/sign_in/session_revoker.rb
@@ -22,18 +22,18 @@ def perform
 
     def anti_csrf_check
       if anti_csrf_token != revoking_token.anti_csrf_token
-        raise Errors::AntiCSRFMismatchError, message: 'Anti CSRF token is not valid'
+        raise Errors::AntiCSRFMismatchError.new message: 'Anti CSRF token is not valid'
       end
     end
 
     def find_valid_oauth_session
       @session ||= OAuthSession.find_by(handle: revoking_token.session_handle)
-      raise Errors::SessionNotAuthorizedError, message: 'No valid Session found' unless session&.active?
+      raise Errors::SessionNotAuthorizedError.new message: 'No valid Session found' unless session&.active?
     end
 
     def detect_token_theft
       unless refresh_token_in_session? || parent_refresh_token_in_session?
-        raise Errors::TokenTheftDetectedError, message: 'Token theft detected'
+        raise Errors::TokenTheftDetectedError.new message: 'Token theft detected'
       end
     end
 

diff --git a/app/services/sign_in/state_payload_jwt_decoder.rb b/app/services/sign_in/state_payload_jwt_decoder.rb
@@ -39,9 +39,9 @@ def decoded_jwt
         OpenStruct.new(decoded_jwt)
       end
     rescue JWT::VerificationError
-      raise Errors::StatePayloadSignatureMismatchError, message: 'State JWT body does not match signature'
+      raise Errors::StatePayloadSignatureMismatchError.new message: 'State JWT body does not match signature'
     rescue JWT::DecodeError
-      raise Errors::StatePayloadMalformedJWTError, message: 'State JWT is malformed'
+      raise Errors::StatePayloadMalformedJWTError.new message: 'State JWT is malformed'
     end
 
     def private_key

diff --git a/app/services/sign_in/state_payload_jwt_encoder.rb b/app/services/sign_in/state_payload_jwt_encoder.rb
@@ -26,14 +26,14 @@ def perform
 
     def check_code_challenge_method
       if code_challenge_method != Constants::Auth::CODE_CHALLENGE_METHOD
-        raise Errors::CodeChallengeMethodMismatchError, message: 'Code Challenge Method is not valid'
+        raise Errors::CodeChallengeMethodMismatchError.new message: 'Code Challenge Method is not valid'
       end
     end
 
     def validate_state_payload
       state_payload
     rescue ActiveModel::ValidationError
-      raise Errors::StatePayloadError, message: 'Attributes are not valid'
+      raise Errors::StatePayloadError.new message: 'Attributes are not valid'
     end
 
     def jwt_encode_state_payload
@@ -71,7 +71,7 @@ def state_code
     def remove_base64_padding(data)
       Base64.urlsafe_encode64(Base64.urlsafe_decode64(data.to_s), padding: false)
     rescue ArgumentError
-      raise Errors::CodeChallengeMalformedError, message: 'Code Challenge is not valid'
+      raise Errors::CodeChallengeMalformedError.new message: 'Code Challenge is not valid'
     end
 
     def private_key

diff --git a/app/services/sign_in/state_payload_verifier.rb b/app/services/sign_in/state_payload_verifier.rb
@@ -19,7 +19,7 @@ def state_code
     end
 
     def validate_state_code
-      raise Errors::StateCodeInvalidError, message: 'Code in state is not valid' unless state_code
+      raise Errors::StateCodeInvalidError.new message: 'Code in state is not valid' unless state_code
     ensure
       state_code&.destroy
     end

diff --git a/app/services/sign_in/user_loader.rb b/app/services/sign_in/user_loader.rb
@@ -31,7 +31,7 @@ def reload_user
     end
 
     def validate_account_and_session
-      raise Errors::SessionNotFoundError, message: 'Invalid Session Handle' unless session
+      raise Errors::SessionNotFoundError.new message: 'Invalid Session Handle' unless session
     end
 
     def user_attributes